1. Field of the Invention
The present invention relates to computer network security. More specifically, it relates to establishing secure channels between entities in a data communications network.
2. Description of the Related Art
One of the goals of establishing a secure authentication channel or “SAC” between nodes is to prevent tampering with or corruption of data being transmitted between the nodes. For example, sensitive data may be encrypted to prevent unauthorized parties from reading the data; the bytes comprising the data are scrambled, thereby protecting the content from being read. However, the scrambled data may still be tampered with or altered; for example, bits may be changed randomly, thereby preventing an authorized party from accurately decrypting the data. In this scenario, although a disruptive party may not be able to read the contents of the data, it is at least able to prevent the authorized recipient from obtaining an accurate rendering of the content (or any rendering) when decrypting the content, essentially sabotaging or undermining the relationship between the sender and the recipient. A SAC denies the disruptive party access to the encrypted content and thereby protects it from tampering. One of the applications of a SAC is in the context of digital rights management and transmission of, for example, copyright protected data, such as movies, music and various audio/visual content, or subscription-only content (e.g., medical data, financial data, and so on).
Methods of establishing a Secure Authentication Channel (SAC) between two entities may be separated into two categories: (a) those using public key infrastructure (PKI) based cryptography, and (b) those that use shared secret key cryptography (which requires a shared secret between the parties establishing a SAC). PKI-based methods are more scalable and may be more secure than the shared secret approach. However, they require significant computational resources. Secret key methods are efficient, but are often not secure (depending on how the shared secret is generated and distributed to all parties) and may not be scalable.
Transport Layer Security (TLS) is a well-known method for establishing a SAC using a PKI-based mechanism. TLS is cryptographically intensive primarily because it uses public key cryptography. Trust between entities lasts only as long as a session is alive. This is undesirable in certain environments, such as in a home network, which may require a constant or ongoing session and involve a number of low-powered devices having limited memory and computing power. Public key based mechanisms are scalable since there is no need to pre-configure communicating entities using shared secrets. However, as noted, they are costly in terms of processing and complexity due to PKI-based operations.
Shared secret methods of establishing a SAC consist of using shared secret key mechanisms, which are, in contrast to PKI, simple to implement. However, these methods may have scalability issues, since, in order to allow any two communicating entities to communicate privately, every communicating entity needs to be configured with a shared secret for every other entity. Thus, if there are n communicating entities in the network, then each entity needs to store or know (n−1) keys, one for each other entity. If a new entity is added, then n new keys need to be generated, so that the new entity may have a shared secret with each of the other n entities. This clearly does not scale in a large network.
One approach to facilitate management of shared keys is to use a central trusted entity, often referred to as a Key Distribution Center (KDC). The KDC shares a secret key with each of the communicating entities. If a new entity is installed, then only that entity and the KDC need to be configured with a new secret key. In some cases the KDC facilitates a SAC by sending a shared secret to the two entities, encrypting the shared secret using each of the two entities' secret keys. Kerberos is another example of a shared key based service that uses the concept of a KDC to provide authentication and private communications in the network. In Kerberos, the KDC communicates with only one of the nodes instead of with both. The KDC sends the key and a ticket (containing an encrypted copy of the same key) to one of the nodes. The other node recovers the encrypted key from the ticket using its own pre-shared secret.
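The KDC flow described above, as an added illustration that is not part of this document: each node holds one long-term secret shared only with the KDC, the KDC hands the client a fresh session key plus a ticket sealed under the server's secret, and the HMAC tag on each sealed message is what lets a recipient detect the random bit-flipping described in the related art. The SHA-256 keystream cipher, the entity names and the message layout are assumptions chosen for a stand-alone example; a real deployment would use a standard AEAD.

```python
import hmac, hashlib, os, secrets

def _keystream(key, nonce, n):
    """Counter-mode keystream from SHA-256 (toy stand-in for a real cipher)."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Verify the tag first; any altered bit (or a wrong key) is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("message altered or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    """Holds one long-term secret per entity; enrolling a new node adds one key."""
    def __init__(self):
        self.keys = {}
    def enroll(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]  # delivered to the node out of band (assumed)
    def issue(self, client, server):
        """Return (message for client, ticket for server) carrying a fresh session key."""
        k = secrets.token_bytes(32)
        return (seal(self.keys[client], k + server.encode()),   # client reads this
                seal(self.keys[server], k + client.encode()))   # client forwards this

def establish_sac(kdc, client, client_key, server, server_key):
    """Kerberos-style: KDC talks only to the client; the server reads the ticket."""
    for_client, ticket = kdc.issue(client, server)
    msg = unseal(client_key, for_client)   # client recovers key + peer name
    k_client, peer = msg[:32], msg[32:]    # fixed-length layout: 32-byte key first
    msg = unseal(server_key, ticket)       # server recovers key + origin from ticket
    k_server, origin = msg[:32], msg[32:]
    return k_client == k_server and peer == server.encode() and origin == client.encode()
```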